We claim:

1. A method of implementing multicast security in a given multicast domain, the given
multicast domain having one or more network devices, the method comprising:

receiving multicast traffic that is encrypted with a global key, the global key being
available to the given multicast domain and one or more other multicast domains;

decrypting the received multicast traffic with the global key to produce decrypted
multicast traffic;

encrypting the decrypted multicast traffic with a local key to produce local encrypted
multicast traffic, the local key being available to the given multicast domain; and

forwarding the local encrypted multicast traffic to the one or more network devices in
the given multicast domain.

2. The method according to claim 1, further comprising:

receiving a global key message that identifies the global key.

3. The method according to claim 1 wherein the local encrypted multicast traffic is
forwarded to all of the network devices in the given multicast domain.

4. The method according to claim 1 wherein the local encrypted multicast traffic is
forwarded to a subset of the network devices in the given multicast domain, the subset of
network devices being identified in a multicast message.

5. The method according to claim 1 wherein the local key is only available to the given
multicast domain.

6. The method according to claim 1 wherein the given multicast domain is a protocol
independent multicast domain.

7. The method according to claim 1 wherein the given multicast domain is a group of
contiguous protocol independent multicast domains.

8. The method according to claim 1 wherein the given multicast domain is part of a
Multicast Source Discovery Protocol backbone.

9. A method of implementing multicast security in a given multicast domain, the method
comprising:

receiving multicast traffic that is encrypted with a global key, the global key being
available to the given multicast domain and one or more other multicast domains;

determining that the given multicast domain contains no network devices interested in
the received multicast traffic; and

sending a terminate message to no longer forward the received multicast traffic to the
given multicast domain.

10. The method according to claim 9, further comprising:

receiving a global key message that identifies the global key.

11. The method according to claim 9, further comprising:

determining, after having sent the terminate message, that the given multicast domain
contains one or more network devices interested in the received multicast traffic; and

sending a resume message to once again forward the received multicast traffic to the
given multicast domain.

12. The method according to claim 9 wherein the given multicast domain is a protocol
independent multicast domain.

13. The method according to claim 9 wherein the given multicast domain is a group of
contiguous protocol independent multicast domains.

14. The method according to claim 9 wherein the given multicast domain is part of a
Multicast Source Discovery Protocol backbone.

15. A method of implementing multicast security in a network, the method comprising:

encrypting multicast traffic with a global key, the global key being available to a given
multicast domain and one or more other multicast domains;

forwarding the global encrypted multicast traffic to the given multicast domain;

receiving the global encrypted multicast traffic at the given multicast domain;

decrypting, at the given multicast domain, the global encrypted multicast traffic with
the global key to produce decrypted multicast traffic;

encrypting, at the given multicast domain, the decrypted multicast traffic with a local
key to produce local encrypted multicast traffic, the local key being available to the given
multicast domain; and

forwarding the local encrypted multicast traffic to one or more network devices in the
given multicast domain.

16. The method according to claim 15, further comprising:

receiving at the given multicast domain a global key message that identifies the global
key.

17. The method according to claim 15 wherein the local encrypted multicast traffic is
forwarded to all of the network devices in this given multicast domain.

18. The method according to claim 15 wherein the local encrypted multicast traffic is
forwarded to a subset of the network devices in the given multicast domain, the subset of
network devices being identified in a multicast message.

19. The method according to claim 15 wherein the local key is only available to the given
multicast domain.

20. The method according to claim 15 wherein the given multicast domain is a protocol
independent multicast domain.

21. The method according to claim 15 wherein the given multicast domain is a group of
contiguous protocol independent multicast domains.

22. The method according to claim 15 wherein the given multicast domain is part of a
Multicast Source Discovery Protocol backbone.



23. A method of implementing multicast security in a given multicast domain, the method
comprising:

receiving multicast traffic;

constructing, in response to the received multicast traffic, an information message that
alerts other multicast domains of the security capabilities of the given multicast domain; and

forwarding the information message to at least one other multicast domain.

24. The method according to claim 23 wherein the information message is a part of a
multicast protocol message.

25. The method according to claim 24 wherein one or more bits in one or more fields of
the multicast protocol message are set to alert other multicast domains of the security
capabilities of the given multicast domain.

26. An apparatus for implementing multicast security in a given multicast domain, the
given multicast domain having one or more network devices, the apparatus comprising:

a receiver for receiving multicast traffic that is encrypted with a global key, the global
key being available to the given multicast domain and one or more other multicast domains;

a decryptor for decrypting the received multicast traffic with the global key to produce
decrypted multicast traffic;

an encryptor for encrypting the decrypted multicast traffic with a local key to produce
local encrypted multicast traffic, the local key being available to the given multicast domain;
and

a traffic forwarder for forwarding the local encrypted multicast traffic to the one or
more network devices in the given multicast domain.

27. The apparatus according to claim 26, further comprising:

a second receiver for receiving a global key message that identifies the global key.

28. The apparatus according to claim 26 wherein the local encrypted multicast traffic is
forwarded to all of the network devices in the given multicast domain.

29. The apparatus according to claim 26 wherein the local encrypted multicast traffic is
forwarded to a subset of the network devices in the given multicast domain, the subset of
network devices being identified in a multicast message.

30. The apparatus according to claim 26 wherein the local key is only available to the
network devices in the given multicast domain.

31. The apparatus according to claim 26 wherein the given multicast domain is a protocol
independent multicast domain.

32. The apparatus according to claim 26 wherein the given multicast domain is a group of
contiguous protocol independent multicast domains.

33. The method according to claim 26 wherein the given multicast domain is part of a
Multicast Source Discovery Protocol backbone.



34. A computer program product for implementing multicast security in a given multicast
domain, the given multicast domain having one or more network devices, the computer
program product comprising a computer usable medium having computer readable program
code thereon, the computer program code including:

program code for receiving multicast traffic that is encrypted with a global key, the
global key being available to the given multicast domain and one or more other multicast
domains;

program code for decrypting the received multicast traffic with the global key to
produce decrypted multicast traffic;

program code for encrypting the decrypted multicast traffic with a local key to
produce local encrypted multicast traffic, the local key being available to the given multicast
domain; and

program code for forwarding the local encrypted multicast traffic to the one or more
network devices in the given multicast domain.

35. The computer program product according to claim 34, further comprising:

program code for receiving a message that identifies the global key.

36. The computer program code to claim 34 wherein the local encrypted multicast traffic
is forwarded to all of the network devices in the given multicast domain.

37. The computer program code according to claim 34 wherein the local encrypted
multicast traffic is forwarded to a subset of the network devices in the given multicast
domain, the subset of network devices being identified in a multicast message.

38. The computer program code according to claim 34 wherein the local key is only
available to the network devices in the given multicast domain.

39. The computer program code according to claim 34 wherein the given multicast
domain is a protocol independent multicast domain.

40. The computer program code according to claim 34 wherein the given multicast
domain is a group of contiguous protocol independent multicast domains.

41. The method according to claim 34 wherein the given multicast domain is part of a
Multicast Source Discovery Protocol backbone.

42. An apparatus for implementing multicast security in a network, the apparatus
comprising:

means for encrypting multicast traffic with a global key, the global key being
available to a given multicast domain and one or more other multicast domains;

means for forwarding the global encrypted multicast traffic to the given multicast
domain;

means for receiving the global encrypted multicast traffic at the given multicast
domain;

means for decrypting, at the given multicast domain, the global encrypted multicast
traffic with the global key to produce decrypted multicast traffic;

means for encrypting, at the given multicast domain, the decrypted multicast traffic
with a local key to produce local encrypted multicast traffic, the local key being available to
the given multicast domain; and

means for forwarding the local encrypted multicast traffic to one or more network
devices in the given multicast domain.

43. The apparatus according to claim 42, further comprising:

means for receiving at the given multicast domain a global key message that identifies
the global key.

44. The apparatus according to claim 42 wherein the local encrypted multicast traffic is
forwarded to all of the network devices in the given multicast domain.



2204-198-103827 
December 28, 1999 



45. The apparatus according to claim 42 wherein the local encrypted multicast traffic is
forwarded to a subset of the network devices in the given multicast domain, the subset of
network devices being identified in a multicast message.

46. The apparatus according to claim 42 wherein the local key is only available to the
given multicast domain.

47. The apparatus according to claim 42 wherein the given multicast domain is a protocol
independent multicast domain.

48. The apparatus according to claim 42 wherein the given multicast domain is a group of
contiguous protocol independent multicast domains.

49. The method according to claim 42 wherein the given multicast domain is part of a
Multicast Source Discovery Protocol backbone.
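
An added sketch, not part of the claims and not the applicant's code, of the border-device behaviour recited in claims 1, 4 and 9 to 11: traffic arrives under the global key, is re-encrypted under the local key for interested devices, and terminate/resume messages go upstream as interest disappears and returns. The `BorderGateway` class, the `TERMINATE`/`RESUME` strings and the SHA-256/HMAC stand-in cipher are assumptions; the claims name no cipher or message format.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # Stand-in keystream (SHA-256 in counter mode), chosen so the example runs on the
    # standard library alone; the claims name no cipher. Use a vetted AEAD in practice.
    blocks = (hashlib.sha256(b"enc" + key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, packet):
    nonce, ct, tag = packet[:12], packet[12:-32], packet[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or modified packet")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class BorderGateway:
    """Hypothetical border device of one domain; the only holder of both keys."""
    def __init__(self, global_key, local_key):
        self.global_key, self.local_key = global_key, local_key
        self.members = set()   # network devices currently interested in the traffic
        self.pruned = False    # True once a terminate message has gone upstream
        self.upstream = []     # control messages sent toward the source

    def join(self, device):
        self.members.add(device)
        if self.pruned:        # claim 11: interest returned, ask for traffic again
            self.upstream.append("RESUME")
            self.pruned = False

    def leave(self, device):
        self.members.discard(device)

    def on_traffic(self, packet, subset=None):
        if not self.members:   # claim 9: no interested devices, ask upstream to stop
            if not self.pruned:
                self.upstream.append("TERMINATE")
                self.pruned = True
            return {}
        # claim 1: decrypt with the global key, re-encrypt with the local key
        local_packet = seal(self.local_key, unseal(self.global_key, packet))
        targets = self.members if subset is None else self.members & set(subset)
        return {device: local_packet for device in targets}
```

A device that holds only the local key can open what the gateway forwards but not the globally encrypted packet, which is the key-scoping property claim 5 recites.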



